GOV.AU SMS Sender ID To Tackle SMS Fraud?

Getting a GOV.AU SMS Sender ID will be a good idea to implement in Australia, as the amount of scam/fraud SMSs has grown exponentially.

I get SMSs telling me to check my Medicare details, to track my missing parcel by providing my credit card details, to update my Telstra billing details even when I don't use Telstra, etc.
I guess I know how to navigate through them, but I've seen elderly people get suckered into this very easily, as they panic when receiving these sorts of messages.


Official Link: https://www.gov.sg/article/what-you-need-to-know-govsg-sms-s…

From 1 July 2024, all government SMS communications will be consolidated under a single, easily identifiable SMS sender ID - gov.sg.
Recipients will no longer need to decipher multiple sender IDs from various government agencies.


ChannelNewsAsia: https://www.channelnewsasia.com/singapore/sms-gov-sg-governm…

From Jul 1, SMSes from government agencies will come from a single sender ID known as gov.sg, instead of the individual organisations.

The move is aimed at helping the public identify authentic government SMSes and to guard against government official impersonation scams, said Smart Nation Group, Open Government Products (OGP) and the Ministry of Communications and Information in a joint media release on Thursday (Jun 13).


Comments

  • +2

    Anything to do with government IT in Australia is almost universally shit.

    Part of me wishes the standards for my workplace were as low as that, until I remember the stereotypical public service culture where it is more about fitting in than getting the job done.

    Similarly, expect anything to do with Australian government IT security to be years or decades behind the more sophisticated crooks.

    • Anything to do with government IT in Australia is almost universally shit.

      Digital ID is probably getting rolled out from 01 July 2024,
      after the Governor-General has signed the law now.

      You'll probably see that without the Digital ID, you won't be able to use Internet services or accounts,
      because it might be implemented as part of the Misinformation / Disinformation bill.

      • +1

        You'll probably see that without the Digital ID, you won't be able to use Internet services or accounts,
        because it might be implemented as part of the Misinformation / Disinformation bill.

        That sounds like bullshit. Even if a government were able to pass this mildly authoritarian bill, it wouldn't be able to be done without at least some uproar from privacy/liberty groups. We'd know about it the moment it is tabled and long before any vote takes place.

        https://www.digitalidentity.gov.au/legislation

        These Acts will provide individuals with secure, convenient, voluntary and inclusive ways to verify their identity for use in online transactions with government and businesses.

        All indications are that it will be a voluntary add-on as a more convenient option than the 100 point ID nonsense we have currently.

        If it ever does get made compulsory, it would likely be further down the line and like I said above, we'd know about it. It would be very hard to make it compulsory without anyone noticing.

        • the Governor-General has signed the law now.

          https://www.digitalidentity.gov.au/legislation

          I'm mistaken to say, it's been signed into law now.

          It's the bill that was signed.
          source: https://www.aph.gov.au/Parliamentary_Business/Bills_LEGislat…


          Finally passed both Houses: 16 May 2024

          Assent - 30 May 2024
          Act no: 25
          Year: 2024


          You would be correct, if we are awaiting legislation, because it has not been legislated, right?

          very hard to make it compulsory without anyone noticing.

          I was surmising that the Mis- / Dis-information bill would be the necessary impetus to make the ID a part of being online.

        • wouldn't be able to be done without at least some uproar from privacy/liberty groups

          The data retention laws came in without much fuss - I would've thought / hoped it enough to get people in the streets. Never underestimate just how little most Australians care about these types of issues.

    • +1

      The ALP NBN rollout was pretty good wasn't it? From the beforetimes, before Abbott and co. broke into government and started smashing stuff up with a wooden club.

      • The Do Not Call register was a decent attempt and it cut down on spam calls coming through the landline and the mobile phone.
        - https://www.donotcall.gov.au/

        However, scam SIP calls coming from overseas are a big problem.

        • +1

          The old "I want to be removed from the list" trick won't work on overseas scammers. They will note down in your file that the identity listed for you is correct, that you still use the number and answer calls, and then sell that information to whoever can make money from it. There are some YouTubers who somehow hack into their call centres and explore how they work, even get into their webcams and stuff. Not exactly a sophisticated operation these Indian scammers are running.

      • +1

        Well, most people didn't get full fat fibre before the conservatives butchered it, so that's just a case of postcode lottery.

        The ALP NBN plan was far from perfect and it wasn't a smooth journey at all.

        https://en.wikipedia.org/wiki/National_Broadband_Network

        That's partly what opened them up to very anti intellectual attacks from Abbott. He could have tried to outsmart them by pointing out the flaws, but still agree with the overall idea of improving broadband speeds, but instead went full anti intellectual by pretending that high bandwidth internet would just be for porn addicts, nerds and other undesirables.

        Then again, I think the Murdoch papers would have turned on Abbott if he tried to do that. It might have ended up as his equivalent of agreeing with Rudd/Gillard too much, just as Turnbull did with Rudd on the ETS.

        Either way, we ended up with our current situation. Our broadband is prohibitively expensive, even if you bargain hunt for promotional pricing, and they're continuing to slowly tighten the screws because various conservative governments have made it uncool to spend money on infrastructure without getting it repaid immediately by the user, which in turn causes people to not want to use said infrastructure because of the cost.

        This also speaks to a broader conversation where conservative governments have successfully convinced average Australians that the current balance of the budget and whether it is in deficit or surplus is an indication of economic management, rather than a structural deficit/surplus.

        Using their logic, selling your car (without an alternative method of transport) to improve your bottom line in the short term is "good economic management" when in reality, you've ruined your ability to get around town to make money in order to pay the car off.

        We should have invested in internet infrastructure and kept it cheap, even if it meant deep deficits, since better internet would be repaid later down the line through more successful internet based businesses paying more tax.

        Unfortunately, most people fail to understand this, which is partly why the Albanese Labor government is running a much slimmer agenda.

        • +3

          I'm catching the train to work the day after Murdoch dies. Won't be able to drive due to the parade.

    • I'm not sure this is accurate. I thought things like mygov etc. are super easy to use and well integrated with great security?

      Having worked in both public and private, the public IT infrastructure also generally seemed way beyond private, although I was working at cheap plonky places looking to cut costs admittedly. Like using DOS systems in private companies around 2007 lol. I think OPSM also seems to still use DOS or similar, unless they've changed it. But that shit is old.

      You're far more likely to have IT breaches in private companies as well, although hard for me to quantify if that's just because there's more private businesses.

      It's probably fairer to say on average government is more up to date and compliant than private businesses, but the best of government won't match the best of private.

      • MyGov went through multiple iterations to get to where they are today. It was far worse than it is currently.

        Even now, they have issues with things like their TOTP login tokens.

        Lots of people (including myself) have had issues with being unable to disconnect their MyGov Code Generators when their phones fail or they lose access for some other reason.

        This is all despite being a standard TOTP implementation that doesn't offer anything special over saving a TOTP seed in an existing 2FA app.

        If you lose access to your MyGov Code Generator app unexpectedly and don't have SMS as a backup, they basically tell you to (profanity) off and create a new MyGov account.

        So no, MyGov is not "good" in any way, shape or form.

        • Sounds like a fairly minor problem. It's pretty extreme to say the whole thing sucks in every way because of a token login issue that doesn't affect many people (I googled and couldn't find any mention of it personally, suggesting it's not widespread at all). So if you're heavily biased already then you're not going to provide a solid point of reference for if it's good or not.

          Also, I did a bit more reading and sounds like if they outsource work to private companies it tends to suck. My experiences are similar - any time we engaged private companies in government they were awful. I was astonished how incompetent even major firms were. In-house tends to be significantly better.

          • @DingoBilly: A poor implementation of TOTP is hardly minor.

            SMS is widely regarded as an insecure method of 2FA, but it is the only one that functions properly for MyGov.

            I'm not talking about forcing everyone to use TOTP. I fully acknowledge a lot of stupid people do not know what TOTP is, let alone managing their own TOTP secrets.

            I'm talking about a proper TOTP implementation. Most people cannot use government services without interacting with MyGov in some capacity. You shouldn't just be happy with SMS 2FA for something that lots of people use.

            MyGov doesn't have any competitors. So it's not like Westpac where if people don't like their 6 character password bullshit, they can bank with someone else.

  • +3

    This is somewhat done in Australia already but hasn't garnered much publicity. A few months back bulk SMS providers here had to register all alphanumeric sender IDs their customers use with the government/ACMA. So for example if you got an SMS from the sender ComBank you can have a much higher degree of confidence that it actually came from ComBank. If a bulk sender allowed a non-registered ID to send messages through their service and spam mobile users they can now expect a hefty fine and some have already been fined.

    https://commsrisk.com/5-aussie-telcos-breached-anti-scam-rul…

    While the above is not perfect there is at least some form of filtering in place now. What you really have to be on alert are the messages that come from spoofed mobile numbers as they could even originate from overseas but could be made to look like a local mobile number.

    • Further to this, the agency I work at has had agreements with the major telcos for a number of years to block the delivery of texts where they're trying to use our name or a variation. I get a monthly report showing all the names and the number of texts blocked.
